I need some advice regarding the architecture of an application with some social media functions.
Beforehand, I searched the internet, but haven't found anything helpful. Maybe there are some good examples somewhere in the literature on software architecture, and if so, I would be very happy to hear about them.
The goal is to have an application that has one single entity for users with an associated repository. However, there are two fundamentally different scenarios in which a user is requested from the repository:
So my idea would be to implement two different DTOs, an AuthUserDto for the authentication process and a standard UserDto for everything else. This would logically also imply implementing two services, an AuthUserService and a normal UserService. And to follow the rules of software architecture I know, we would implement two corresponding service interfaces.
And last but not least, the application should also get a UserContextService. To stay true to the naming convention I have used so far, this context service should be called AuthUserContextService, since it is responsible for authentication issues like getCurrentUser() or setCurrentUser().
So in the end the application structure would look something like this:
Application.java
│
├───dto
│   │
│   ├───mapper
│   │       RoleMapper.java
│   │       UserMapper.java
│   │
│   └───model
│           AuthUserDto.java
│           RoleDto.java
│           UserDto.java
│
├───entity
│       Role.java
│       User.java
│
├───repository
│       RoleRepository.java
│       UserRepository.java
│
├───service
│   │   DefaultAuthUserContextService.java
│   │   DefaultAuthUserService.java
│   │   DefaultUserService.java
│   │
│   └───interfaces
│           AuthUserContextService.java
│           AuthUserService.java
│           UserService.java
Is this approach OK? Is there a best-practice guide for this, or is there a completely different and better way to handle the user entity in a use-case-specific way?
Many thanks for any help, links and hints to accomplish a decent base architecture.
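A sketch of the split described above in Java, added here as an example rather than code from the question. It assumes Java 16+ records, that the authentication path is the only consumer that needs the stored password hash while every other caller gets a UserDto without it, and a BiPredicate stand-in for the real hash verifier:

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.function.BiPredicate;

// Assumed entity shape; the question does not list the User fields.
record User(long id, String username, String passwordHash, Set<String> roles, boolean enabled) {}
// General-purpose DTO for controllers and other services: carries no credential material.
record UserDto(long id, String username, Set<String> roles) {}
// Authentication-only DTO: the only type that carries the stored hash out of the repository layer.
record AuthUserDto(long id, String username, String passwordHash, boolean enabled) {}
final class UserMapper {
    static UserDto toUserDto(User u) { return new UserDto(u.id(), u.username(), Set.copyOf(u.roles())); }
    static AuthUserDto toAuthUserDto(User u) { return new AuthUserDto(u.id(), u.username(), u.passwordHash(), u.enabled()); }
}

interface UserRepository { Optional<User> findByUsername(String username); }
interface UserService { Optional<UserDto> findByUsername(String username); }
// The authentication service takes the raw credential and hands back the credential-free DTO on success.
interface AuthUserService { Optional<UserDto> authenticate(String username, String rawPassword); }

final class DefaultUserService implements UserService {
    private final UserRepository repo;
    DefaultUserService(UserRepository repo) { this.repo = repo; }
    public Optional<UserDto> findByUsername(String name) { return repo.findByUsername(name).map(UserMapper::toUserDto); }
}

final class DefaultAuthUserService implements AuthUserService {
    private final UserRepository repo;
    private final BiPredicate<String, String> verifier; // (rawPassword, storedHash) -> matches
    DefaultAuthUserService(UserRepository repo, BiPredicate<String, String> verifier) { this.repo = repo; this.verifier = verifier; }
    public Optional<UserDto> authenticate(String name, String raw) {
        return repo.findByUsername(name)
            .filter(u -> { AuthUserDto a = UserMapper.toAuthUserDto(u); return a.enabled() && verifier.test(raw, a.passwordHash()); })
            .map(UserMapper::toUserDto); // the hash stays inside this method; callers only ever receive a UserDto
    }
}
public class Application {
    public static void main(String[] args) {
        // Constructed in-memory repository and stand-in verifier; a real deployment injects a slow-hash comparison (bcrypt, Argon2).
        Map<String, User> table = Map.of("alice", new User(1, "alice", "hash(correct-horse)", Set.of("USER"), true));
        UserRepository repo = name -> Optional.ofNullable(table.get(name));
        BiPredicate<String, String> verifier = (raw, hash) -> hash.equals("hash(" + raw + ")");
        AuthUserService auth = new DefaultAuthUserService(repo, verifier);
        System.out.println(auth.authenticate("alice", "correct-horse").isPresent());
        System.out.println(auth.authenticate("alice", "wrong").isPresent());
        System.out.println(new DefaultUserService(repo).findByUsername("alice"));
    }
}
```

With this split, the AuthUserContextService can be fed the UserDto returned by authenticate(), so the current-user context never holds credential data either.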
This solution looks good to me overall.
There are still some challenging parts left:
It's all I remember for now. :) Feel free to ping me in comments if you need more details about anything :)
PS: the article on Authentication vs. Authorization is quite long; I'll copy the main idea here:
The best way to illustrate the differences between the two terms is with a simple example. Let's say you decide to go and visit a friend's home. On arrival, you knock on the door, and your friend opens it. She recognizes you (authentication) and greets you. As your friend has authenticated you, she is now comfortable letting you into her home. However, based on your relationship, there are certain things you can do and others you cannot (authorization). For example, you may enter the kitchen area, but you cannot go into her private office. In other words, you have the authorization to enter the kitchen, but access to her private office is prohibited.